The first setting points to the location of the deployment.properties file – this file will ultimately configure and lock down the Java settings. We can store this file on a network but it’s advisable to keep it locally (see below), and due to it being a system-wide setting it should be in a per-machine location. Hence for simplicity we keep it in the same location as the deployment.config file.

The second setting enforces that the deployment.properties file is used. If the file cannot be located when mandatory is set to true (perhaps the file is stored on a network and the network location isn’t available) then Java will not load the application.

Create the deployment.properties file

Now we can start configuring and locking down the settings. For JRE 7 (which is what we are locking down) we can see which Java settings are configurable. Unfortunately not all settings are documented, but it’s a decent guide for most.

Create the file: C:\Windows\Sun\Java\Deployment\deployment.properties, then paste and save the following inside the file:

Create the exception.sites file

Now create the file: C:\Windows\Sun\Java\Deployment\exception.sites. This file can remain blank for now. But adding application URLs to this list allows users to run RIAs that would normally be blocked by security checks. An example of an entry in this file might be:

Disable updates via the registry

Finally there are a few registry values that we can, to prevent Java from automatically updating. Bear in mind that this is for a 32-bit install of Java on a 64-bit platform, and hence the ‘Wow6432Node’ location:

Welcome to our Blog

"Welcome to our blog. We hope to share tips, scripts, tutorials and tool sets which will assist other professionals in creating more robust application packages and scripts, as well as automating and streamlining common processes."